User`s guide

ManualsBrandsZyXEL Communications ManualsComputer equipmentMAX-206M2

151

152

153

154

155

156

157

158

159

160

Chapter 14 The Certificates Screens

User’s Guide

156

A certification path is the hierarchy of certification authority certificates that validate a

certificate. The WiMAX Modem does not trust a certificate if any certificate on its path has

expired or been revoked.

Certification authorities maintain directory servers with databases of valid and revoked

certificates. A directory of certificates that have been revoked before the scheduled expiration

is called a CRL (Certificate Revocation List). The WiMAX Modem can check a peer’s

certificate against a directory server’s list of revoked certificates. The framework of servers,

software, procedures and policies that handles keys is called PKI (public-key infrastructure).

14.4.1.1 Advantages of Certificates

Certificates offer the following benefits.

• The WiMAX Modem only has to store the certificates of the certification authorities that

you decide to trust, no matter how many devices you need to authenticate.

• Key distribution is simple and very secure since you can freely distribute public keys and

you never need to transmit private keys.

14.4.1.2 Self-signed Certificates

You can have the WiMAX Modem act as a certification authority and sign its own certificates.

14.4.1.3 Factory Default Certificate

The WiMAX Modem generates its own unique self-signed certificate when you first turn it on.

This certificate is referred to in the GUI as the factory default certificate.

14.4.1.4 Certificate File Formats

Any certificate that you want to import has to be in one of these file formats:

• Binary X.509: This is an ITU-T recommendation that defines the formats for X.509

certificates.

• PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses lowercase

letters, uppercase letters and numerals to convert a binary X.509 certificate into a printable

form.

• Binary PKCS#7: This is a standard that defines the general syntax for data (including

digital signatures) that may be encrypted. A PKCS #7 file is used to transfer a public key

certificate. The private key is not included. The WiMAX Modem currently allows the

importation of a PKS#7 file that contains a single certificate.

• PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses

lowercase letters, uppercase letters and numerals to convert a binary PKCS#7 certificate

into a printable form.

A Be careful to not convert a binary file to text during the transfer process. It is

easy for this to occur since many programs use text files by default.